Welcome To The Panopticon, or "How I Learned To Stop Worrying And Love Information Warfare"
So it's 2019......and so far we have:
- Twitter, Facebook, Youtube and the like, de-platforming or censoring any content that leans towards the right or conservative side.
- Amazon, Google, Apple, Microsoft, et al, doubling down on collection of people's data.
- The US intelligence apparatus convincing major hotel chains (Marriot for one) to collect information and report on hotel guests (for the most trivial of "abnormalities", if one can call them that).
- Amazon working with law enforcement to implement widespread facial recognition gathering.
- Those nifty DNA/ Heritage testing sites have been caught giving your DNA to Uncle Sam.
- Cellular providers selling your real-time location to anyone who wants to buy it.
- The proliferation of "smart" devices such as Alexa that is always listening.
- Web browsers screening the news you search for and only letting the "leftist" slanted news through.
I could go on for pages and pages, but you get the point. One needs to become aggressive to secure their privacy in this day and age....so with that in mind I thought it apropos to publish an updated breakdown of available options.
Lets establish some standards that should be adhered to when choosing a chat application.
1. It should be comprised of open-source code. Open source code can be audited by third parties for completeness, proper implementation and potential security vulnerabilities.
2. It should employ end to end encryption. In other words, the encryption happens on your device and the decryption happens on the recipient's device versus a third party server. This removes the need to trust a third party with your keys.
3. It should utilize INFOSEC industry accepted standards for cipher primitives. It should use well studied ciphers, key exchanges and hashes such as: AES-256, RSA-4096, ChaCha20, ECC-512, Curve25519, Poly1305, secp256k1, Curve448, Twofish, SHA-3, Whirlpool, GPG.
4. It should utilize forward secrecy. This protects the user if they have a key that somehow gets compromised. In this setup the system renegotiates the key exchange at short, established time intervals. Diffie-Hellman is a common implementation of this concept.
5. It should support the removal/destruction of messages on both ends of the conversation. This could be based on a timer, manual selection or a "destroy on read" protocol.
6. Encryption scheme should be implemented in accordance with accepted standards. (This is one of the issues with Telegram). Some well studied implementations: Axolotl, Proteus, OMEMO, Matrix, Whisper, Mercury, Bramble.
7. It should obfuscate non-message data (metadata). Even if your message body is secure, information such as routing, timestamps, location and device fingerprinting data can be transmitted in the clear. This is less than ideal.
8. It should support the in-app blocking of screen captures. Certain malware has been known to silently take a screen capture as you read or write your otherwise secure message and then send it in the background or simply store it for later physical retrieval by bad actors.
9. Decentralized and blockchain based solutions are often preferable to server based (centralized) solutions. Decentralized/Peer to Peer (P2P) systems do not rely on a traditional server model (centralized model). Instead, they route traffic via other peers running the same software. This avoids a single point of failure and makes censoring/blocking extremely unlikely.
10. Having a verification process for chat partners is a plus. This would involve sharing a checksum or other unique identifier via a separate channel. Both parties involved in the chat would initiate the exchange on their respective ends. This helps to insure that you are actually talking to your intended chat partner and not a bad actor. This aides in the prevention of Man In The Middle attacks (MITM).
11. Is it multi-platform? Will it run on phones (Android, iPhone) and computers (Windows, Mac, Linux)? This is more a matter of versatility than security; unless, of course, you delete a sensitive message on one device (your phone) but fail to delete it on the same app that is running on your home computer (which gets seized by bad actors). Versatility is also a factor when dealing with a large group of people wanting to securely communicate with one another. Does everyone have a compatible device for said app?
Bonus * For the phone based apps; do they include software trackers? If so, how many and where do they lead to? On an Android device, for example, most apps that you install will include trackers. These trackers for the most part exist for the developers to diagnose crashes, usage statistics and various marketing analytics. These seem reasonable enough, but you should always research who is behind the trackers as this data could conceivably be used in a non-favorable way.
Okay, so where does that leave us? Here are some options that meet all or most of the above requirements.
* Briar
Meets all policies above except: 5 and 11.
App available for Android only. App has no trackers.
Can be used anonymously.
Not for profit organization.
Briar is unique in that it allows connections not only via the web (via TOR), but also point to point using WiFi or Bluetooth. This would be useful in a "grid down" scenario where a group needs to communicate securely without web infrastructure availability. Briar is still under heavy development and has many interesting features planned for future releases.
* Signal
Meets above policies except: 9
App available for Android, iOS, Win, Mac and Linux. App has no trackers.
Identity is tied to your phone number (not anonymous).
Not for profit organization. (California, USA)
Signal is used as a drop in replacement for the native SMS app on your phone. It pushes messages via a data channel as opposed to the traditional SMS cellular band. This allows for better metadata concealment and also will not count against your phone provider's SMS limit. It does rely on servers (based in the US) and utilizes GCM (Google Cloud Messaging) for push notifications. Offers secure voice and file transfer as well. Signal does have access to your contacts list.
* Wire
Meets policies above except: 8 and 9.
App available for Android, iOS, Win, Mac and Linux. App has one tracker (Google Firebase Analytics).
Identity is tied to an email address. (anonymity dependent on email used).
For profit organization. (Switzerland)
Wire is often compared to Signal as they are structured in a similar fashion. Wire is not, however, meant to be a SMS replacement. Wire does keep a list of people you have communicated with until account deletion. Offers secure voice, video, file transfer as well as chat. Wire servers are located in Switzerland.
* Wickr
Meets policies above except: 9 and partially 1 (server side is closed source)
App available for Android, iOS, Win, Mac and Linux. App has two trackers (Countly and Google Firebase Analytics)
Anonymous identity. Can be tied to phone number if desired.
For profit organization. (California, USA)
Wickr had a rough start as it used closed source code. It has since moved to open source code and has been professionally audited. Offers secure voice and file transfer as well as chat. The Linux desktop version is depreciated and will not run on newer distros. Wickr servers are US based.
* Status
Meets above except: 5 and 8.
App available for Android, iOS, Win, Mac and Linux. (currently beta). App has one tracker (Google Firebase Analytics).
Anonymous identity.
Not for profit organization. (Germany)
Status is based on the Ethereum blockchain (decentralized system) and is structurally similar to Bitmessage. It is still beta software at this time and has some growing to do yet.
* BCM/BlockChain Messenger
Meets above except: 1, 5 and 8. (switching to open source is ongoing).
App available for Android and iOS. App has two trackers (Google Firebase Analytics, Umeng Analytics).
Anonymous identity.
Not for profit organization. (British Virgin Islands).
BCM is another blockchain based secure messenger. It, like Status, has a lot of room for growth.
* Obsidian/OSM
Meets above except: 5 and 8.
App available for Android and iOS. (desktop apps under development).
Anonymous identity.
Not for profit organization.
Another blockchain based solution under heavy development.
* Tox (Antox, Trifa, qTox)
Meets above except: 5 and 8.
App available for Android, iOS, Win, Mac, Linux. No trackers.
Anonymous identity.
Not for profit organization.
Tox is a versatile platform for secure chat, voice, video and file transfer.
* Bitmessage
Meets above except: 4
App available for Win, Mac, Linux (Abit is available for android but is not recommended due to the Proof of Work draining the battery). No trackers.
Anonymous identity.
Not for profit organization.
Bitmessage is one of the original blockchain based messengers. It has been well studied and is considered stable at this point. The addresses are long hashes and can be cumbersome to transfer for some. PoW keeps it from being a viable option on a handheld device. Be sure and run the most recent version (0.6.3.2 as of this writing) as the older version had a security flaw.
* Riot (Matrix)
Meets above except: 4, 5 and 8.
App available for Android, iOS, Win, Mac and Linux. Two trackers (Google Firebase Analytics, Matomo).
Anonymous identity.
Not for profit organization.
Riot is one of several clients for the Matrix protocol. Riot has a lot of versatility, including chat, voice, video and file transfer. One thing to keep in mind is that at the moment encryption is not turned on by default, so you must ensure that you activate "private messages".
* Ricochet IM
Meets above except: 5 and 10.
App available for Win, Mac and Linux. No trackers.
Anonymous identity.
Not for profit organization.
Ricochet is a very no frills, but very secure messenger. It makes an anonymous connection via TOR where you can conduct your chat. Ricochet IM has been well audited by security professionals.
* Adamant
Meets above except: 5 and 8.
App available for Android, iOS and web based. No trackers.
Anonymous identity.
Not for profit organization. (Ireland)
Adamant strives to be one of the most secure and anonymous blockchain based messengers on the market. They are relatively new to the scene, so time will tell how they stack up.
**************************
As you can see there are pros and cons to all of the above solutions. You may find that two or more of the above would be appropriate for your current threat model. In any case, give them a try....you have nothing to lose and much to gain.
If you are currently using Whatsapp, Viber, your phone's built in SMS client, Telegram or any of the other countless mainstream messaging apps, you might consider switching to one of the above solutions.
In the next post we will use the same approach to examine email and email-like solutions; as email, by it's very design, can be a security nightmare.
Some light reading links:
https://firebase.google.com/docs/analytics/
https://count.ly/
https://umeng.com
https://medium.com/@wireapp/wire-application-level-security-audits-98324d1f211b
https://medium.com/cryptoblog/wickrs-core-crypto-goes-public-324bb7de0133
https://www.signal.org/blog/looking-back-on-the-front/
Comments
Post a Comment